This page is no longer being maintained.

Introduction

It's pretty easy to get most PHP/MySQL applications working with nginx, but this requires a FastCGI implementation of PHP, and I've chosen PHP-FPM for this walk-through. As of April 23, 2018, this guide has been updated for OpenBSD 6.3. It was tested on the amd64 architecture, but will likely work on i386 and perhaps others.

Preparation

First, install OpenBSD. Be sure to create a user-level account for yourself during the installation process, and I'd recommend disabling remote root logins while you're at it. This user account will be added to the wheel group. On BSD systems, wheel group is comparable to an administrator group, granting access to use the su command, etc. You can add other trusted users to this group later on.

OpenBSD no longer includes sudo in the base install. It's still in ports if you must use it, but we'll be making use of the replacement doas(1) tool, which is similar to sudo in several ways. Create a file called /etc/doas.conf. The man pages for doas and doas.conf are quite helpful, but as a quick and dirty way to get up and running with doas, there's a minimal doas.conf file below. You can also add "nopass" after "permit" if you don't want to be prompted for a password. I don't recommend doing that to a production environment.

permit :wheel

If you have a hard time with typing "sudo" instead of "doas", you might want to add an alias to your shell profile.

The /etc/installurl file tells OpenBSD where to find binary packages. If you installed sets from an official OpenBSD mirror, the installurl file likely already exists with the mirror you installed from. Otherwise, create this file and add a mirror to it. My /etc/installurl looks like this:

https://ftp5.usa.openbsd.org/pub/OpenBSD

Install Packages

OpenBSD includes the Suhosin Hardened PHP patches in their default PHP package, which is nice. Nginx will require the use of PHP with FastCGI. We'll be using php-fpm for this, which was merged into the main PHP packages recently. Since OpenBSD's package manager automatically installs dependencies, you can get away with this command, which should install PHP, mariadb client tools, and everything else we need to get our PHP web application server up and running:

doas pkg_add nginx php-mysqli mariadb-server

You will be prompted for which version of PHP you want to install. Unless you have a good reason not to, it's best to go with the newest (highest version number) available. In OpenBSD 6.3, that's PHP 7.0.28. Enable php-mysqli by symlinking the sample mysqli.ini to the /etc/php-7.0 directory.doas ln -sf /etc/php-7.0.sample/mysqli.ini /etc/php-7.0/mysql.ini

Nginx makes it relatively easy to set up multiple virtual hosts, but that's beyond the scope of this article. We'll install everything to /var/www/htdocs as the default web root.

In /etc/php-fpm.conf, I would suggest increasing the value of pm.max_children to something higher than the default of 5, as even in my testing environment, this was insufficient. I went with 25. It seems to be working well in my production web server environments.

That's almost all there is to it. Just tell OpenBSD to start the nginx, php-fpm and mysqld services with rcctl enable:doas rcctl enable nginxdoas rcctl enable php70_fpmdoas rcctl enable mysqld

You can manually start all these services (mysqld is already running because we started it earlier), or just reboot to make sure everything works.

doas rcctl start nginxdoas rcctl start php70_fpm

Set up LAMP style web-apps

Since the web environment is in a chroot restricted to /var/www and the MySQL socket is not inside /var/www, the easiest way to get database access is to create your MySQL users for a host of "127.0.0.1" instead of localhost. This forces MySQL connections over TCP. There are some complicated ways of getting the socket into /var/www, such as forcing MySQL to write it inside /var/www or creating hard links to the socket. Those are beyond the scope of this article. My first test, as usual, was a simple PHPInfo file saved as index.php.

I've managed to install various pre-packaged content management systems on OpenBSD's with nginx without any problems. Some apps (like OwnCloud) seem to require some extra work.

HiR Featured Columns

HiR Tools

HiR Categories

About HiR

HiR is what happens when 1990s-era e-Zine writers decide to form a blog. Most of us hail from the Great Plains region of the United States.

Ax0n, HiR founder and editor-in-chief is an information security specialist currently working in the luxury goods industry.

Asmodian X joined HiR in December 1997 and currently works as a web developer and SysAdmin in the education industry.

Frogman has been on board since May 1998 and has many technical passions. When not experimenting with obscure hardware, he can be found leaping from one rooftop to the next, making the world his office.

TMiB has also been helping since 1998. Also our resident Physicist and go-to guy for xkcd jokes we don't get, The Man in Black currently works in the Internet industry in an east-coast data center.